Physical Sciences and Mathematics Commons^™

Evaluating An Educational Cybersecurity Playable Case Study, Tanner West Johnson

Theses and Dissertations

The realities of cyberattacks have become more and more prevalent in the world today. Due to the growing number of these attacks, the need for highly trained individuals has also increased. Because of a shortage of qualified candidates for these positions, there is an increasing need for cybersecurity education within high schools and universities. In this thesis, I discuss the development and evaluation of Cybermatics, an educational simulation, or playable case study, designed to help students learn and develop skills within the cybersecurity discipline.

This playable case study was designed to allow students to gain an understanding of the field …

Designing Cybersecurity Competitions In The Cloud: A Framework And Feasibility Study, Chandler Ryan Newby

Theses and Dissertations

Cybersecurity is an ever-expanding field. In order to stay current, training, development, and constant learning are necessary. One of these training methods has historically been competitions. Cybersecurity competitions provide a method for competitors to experience firsthand cybersecurity concepts and situations. These experiences can help build interest in, and improve skills in, cybersecurity.

While there are diverse types of cybersecurity competitions, most are run with on-premise hardware, often centralized at a specific location, and are usually limited in scope by available hardware. This research focuses on the possibility of running cybersecurity competitions, specifically CCDC style competitions, in a public cloud environment. …

Towards Enhanced Security For Automotive Operating Systems, Maksym Hryhorenko

Theses and Dissertations

Modern automotive infotainment systems are represented by highly complex components with broad functionality and network capabilities. As a result, they are becoming more exposed to the outer world, thus turning into potentially lucrative targets for remote cyber attacks. In the worst case scenario, an attacker could gain complete control over critical vehicle’s systems, for instance, steering, braking, engine, etc. This thesis proposes security hardening features based on ARM’s TrustZone technology for infotainment systems that ensures confidentiality and integrity of critical applications. In addition, we present a technique that allows to mitigate the impact of certain attacks on the car’s internal …

Privus: Take Back Your Privacy The Effect Of A User-Centered Approach On Privacy Management, Aral Tasher

Theses and Dissertations

Rapid innovations in science and engineering have created a greater opportunity for disruptive technologies to be established at a faster rate. Less than a decade ago mobile, phones were a mere tool for communication, nowadays, we rely on their successors to remind us about our next appointment, what we need from the grocery store, or even where we parked our car. But this assistance comes with a cost; in order to help us, our devices rely on using our personal information like GPS, contacts list and personal notes, –in some cases more information than what the app needs. While there …

Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman

Theses and Dissertations

As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause …

Pattern-Of-Life Modeling Using Data Leakage In Smart Homes, Steven M. Beyer

Theses and Dissertations

This work investigates data leakage in smart homes by providing a Smart Home Automation Architecture (SHAA) and a device classifier and pattern-of-life analysis tool, CITIoT (Classify, Identify, and Track Internet of things). CITIoT was able to capture traffic from SHAA and classify 17 of 18 devices, identify 95% of the events that occurred, and track when users were home or away with near 100% accuracy. Additionally, a mitigation tool, MIoTL (Mitigation of IoT Leakage) is provided to defend against smart home data leakage. With mitigation, CITIoT was unable to identify motion and camera devices and was inundated with an average …

Passive Radiolocation Of Ieee 802.11 Emitters Using Directional Antennae, Bradford E. Law

Theses and Dissertations

Low-cost commodity hardware and cheaper, more capable consumer-grade drones make the threat of home-made, inexpensive drone-mounted wireless attack platforms (DWAPs) greater than ever. Fences and physical security do little to impede a drone from approaching private, commercial, or government wireless access points (WAPs) and conducting wireless attacks. At the same time, unmanned aerial vehicles (UAVs) present a valuable tool for network defenders conducting site surveys and emulating threats. These platforms present near-term dangers and opportunities for corporations and governments. Despite the vast leaps in technology these capabilities represent, UAVs are noisy and consequently difficult to conceal as they approach a …

Assured Android Execution Environments, Brandon P. Froberg

Theses and Dissertations

Current cybersecurity best practices, techniques, tactics and procedures are insufficient to ensure the protection of Android systems. Software tools leveraging formal methods use mathematical means to assure both a design and implementation for a system and these methods can be used to provide security assurances. The goal of this research is to determine methods of assuring isolation when executing Android software in a contained environment. Specifically, this research demonstrates security properties relevant to Android software containers can be formally captured and validated, and that an implementation can be formally verified to satisfy a corresponding specification. A three-stage methodology called "The …

Mitigating The Effects Of Cyber Attacks And Human Control In An Autonomous Intersection, Karl C. Bentjen

Theses and Dissertations

Widespread use of fully autonomous vehicles is near. However, the desire for a human to maintain control, even if limited, of a vehicle will likely never fully subside. Protocols to safely and efficiently manage reservation-based intersections with a mixture of fully autonomous, semi-autonomous, and non-autonomous vehicles exist such as AIM, SemiAIM, and H-AIM. Missing from these protocols is persistent human control of semi-autonomous vehicles in approaching and navigating autonomous intersections without the use of traditional signals. This thesis offers a proof-of-concept of a reservation-based protocol with necessary extensions required for human control in semi-autonomous vehicles. Desired is a protocol that …

Methods Of Reverse Engineering A Bitstream For Field Programmable Gate Array Protection, Daniel J. Celebucki

Theses and Dissertations

Field Programmable Gate Arrays (FPGAs) are found in numerous industries including consumer electronics, automotive, military and aerospace, and critical infrastructure. The ability to be reprogrammed as well as large computational power and relatively low price make them a good fit for low-volume applications that cannot justify the Non-Recurring Engineering (NRE) costs associated with producing Application-Specific Integrated Circuits (ASICs). FPGAs however, have seen a variety of security issues stemming from the fact that their configuration files are not inherently protected. This research assesses the feasibility of reverse engineering the bitstream format for a previously unexplored FPGA, as well as the utilization …

Assessing And Expanding Extracurricular Cybersecurity Youth Activities' Impact On Career Interest, Michael H. Dunn

Theses and Dissertations

This thesis assesses and expands the potential of extracurricular activities to address the shortage of cybersecurity workers by increasing secondary school students’ interest in these careers. Competitions and badges, two forms of gamification often applied in extracurricular educational activities, have potential to improve motivation and increase interest in related careers, but are significantly understudied in the context of cybersecurity activities. CyberPatriot is the largest cybersecurity competition in the United States for secondary school students. Impact on participants’ career interests is assessed by analyzing responses to recent surveys conducted by the competition organizers. Analysis demonstrates significantly increased interest in cybersecurity in …

Variable Speed Simulation For Accelerated Industrial Control System Cyber Training, Luke M. Bradford

Theses and Dissertations

It is important for industrial control system operators to receive quality training to defend against cyber attacks. Hands-on training exercises with real-world control systems allow operators to learn various defensive techniques and see the real-world impact of changes made to a control system. Cyber attacks and operator actions can have unforeseen effects that take a significant amount of time to manifest and potentially cause physical harm to the system, making high-fidelity training exercises time-consuming and costly. This thesis presents a method for accelerating training exercises by simulating and predicting the effects of a cyber event on a partially-simulated control system. …

Securing Critical Infrastructure: A Ransomware Study, Blaine M. Jeffries

Theses and Dissertations

This thesis reviews traditional ransomware attack trends in order to present a taxonomy for ransomware targeting industrial control systems. After reviewing a critical infrastructure ransomware attack methodology, a corresponding response and recovery plan is described. The plan emphasizes security through redundancy, specifically the incorporation of standby programmable logic controllers. This thesis goes on to describe a set of experiments conducted to test the viability of defending against a specialized ransomware attack with a redundant controller network. Results support that specific redundancy schemes are effective in recovering from a successful attack. Further experimentation is conducted to test the feasibility of industrial …

Expected Coverage (Excov): A Proposal To Compare Fuzz Test Coverage Within An Infinite Input Space, Evan V. Swihart

Theses and Dissertations

A Fuzz test is an approach used to discover vulnerabilities by intentionally sending invalid inputs to a system for the purpose of triggering some type of fault or unintended effect that renders the system vulnerable to an exploit. Fuzz testing is an important cyber-testing technique used to find and fix vulnerabilities before they are exploited. The fuzzing of military data links presents a particular challenge because existing fuzzing tools cannot be easily applied to these systems. As a result, the tools and techniques used to fuzz these links vary widely in sophistication and effectiveness. Because of the infinite, or nearly …

Securing Data In Transit Using Two Channel Communication, Clark L. Wolfe

Theses and Dissertations

Securing data in transit is critically important to the Department of Defense in todays contested environments. While encryption is often the preferred method to provide security, there exist applications for which encryption is too resource intensive, not cost-effective or simply not available. In this thesis, a two-channel communication system is proposed in which the message being sent can be intelligently and dynamically split over two or more channels to provide a measure of data security either when encryption is not available, or perhaps in addition to encryption. This data spiting technique employs multiple wireless channels operating at the physical layer, …

Developing A Cyberterrorism Policy: Incorporating Individual Values, Osama Bassam J. Rabie

Theses and Dissertations

Preventing cyberterrorism is becoming a necessity for individuals, organizations, and governments. However, current policies focus on technical and managerial aspects without asking for experts and non-experts values and preferences for preventing cyberterrorism. This study employs value focused thinking and public value forum to bare strategic measures and alternatives for complex policy decisions for preventing cyberterrorism. The strategic measures and alternatives are per socio-technical process.

Smartphone User Privacy Preserving Through Crowdsourcing, Bahman Rashidi

Theses and Dissertations

In current Android architecture, users have to decide whether an app is safe to use or not. Expert users can make savvy decisions to avoid unnecessary private data breach. However, the majority of regular users are not technically capable or do not care to consider privacy implications to make safe decisions. To assist the technically incapable crowd, we propose a permission control framework based on crowdsourcing. At its core, our framework runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or not the permission requests based on decisions from peer …

Transfer Learning With Convolutional Neural Networks Applied To Periocular Biometrics, Kushal Vangara

Theses and Dissertations

Biometrics technologies are designed for recognition of the unique physiological and behavioral features of an individual for identification and verification applications. There have been noteworthy advances in this field to recognize individuals based on their biometric trait(s) for authentication and verification applications. Despite these advances, there are many challenging issues which impede the potential of biometric systems and therefore limit the systems performance. Traditional biometric system design involves a selection of handcrafted features for recognition tasks which are not efficient as the size of the system scales up. Face and iris biometrics are reliable for many identification and verification applications …

Big Networks: Analysis And Optimal Control, Hung The Nguyen

Theses and Dissertations

The study of networks has seen a tremendous breed of researches due to the explosive spectrum of practical problems that involve networks as the access point. Those problems widely range from detecting functionally correlated proteins in biology to finding people to give discounts and gain maximum popularity of a product in economics. Thus, understanding and further being able to manipulate/control the development and evolution of the networks become critical tasks for network scientists. Despite the vast research effort putting towards these studies, the present state-of-the-arts largely either lack of high quality solutions or require excessive amount of time in real-world …